<?php

/**
 * Edit Profile DB is a page that handles the update initiated by the edit-profile.php page
 *
 * @Author Ryan Olson
 * @Version 1.0
 */

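@session_start();
require_once 'shared-functions.php';
require_once 'session.php';
require_once 'masterpage.php';

/**
 * Read a POST field as a string; '' when the field is absent.
 *
 * Every column written below was previously taken straight from $_POST, which
 * raises an undefined-index notice (and stores '') when the form omits a field.
 *
 * @param string $name form field name
 * @return string
 */
function profile_post($name)
{
    return isset($_POST[$name]) ? (string) $_POST[$name] : '';
}

/**
 * Escape a raw request value for use inside a single-quoted SQL literal.
 *
 * NOTE(review): this page still uses the legacy mysql_* extension (removed in
 * PHP 7), so prepared statements are not available without changing
 * connect_db(). Until that migration, every value interpolated into SQL must
 * pass through here so request input cannot terminate the literal — the
 * original concatenated $_POST values verbatim into UPDATE/SELECT statements.
 *
 * @param string   $value raw request value
 * @param resource $link  open mysql connection returned by connect_db()
 * @return string
 */
function profile_sql_escape($value, $link)
{
    return mysql_real_escape_string((string) $value, $link);
}

/**
 * Escape a value for an HTML text node or attribute.
 *
 * The "go back" links embed the submitted id in an href; unescaped, that is a
 * reflected XSS sink.
 *
 * @param string $value
 * @return string
 */
function profile_html_escape($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

//Make sure the student is logged in
if (!IsValidSession()) {
    header('Location: login.php?page=edit-profile');
    exit();
}
RefreshSession();

$user = GetCurrentUserAccessLevel();
$link = connect_db();

// Directors and admins may edit any user's account fields; everyone else may
// only touch the e-mail address (and, for students, the Student row).
$isManager = ($user == $DIRECTOR || $user == $ADMIN);

masterpage("Update Profile");

if (isset($_POST['edit'])) {
    $id       = profile_post('id');
    $sqlId    = profile_sql_escape($id, $link);
    $backLink = '<a href="edit-profile.php?id=' . profile_html_escape($id) . '">Click here to go back to edit profile</a>';

    // NOTE(review): the row to update is still chosen by the request's hidden
    // `id` field even for non-manager callers, so a logged-in student can
    // change another user's e-mail/address by editing that field (IDOR). The
    // fix needs the current user's own id from the session, which nothing
    // visible on this page exposes — wire it in from session.php and reject
    // any $id that differs from it when !$isManager. The form also carries no
    // CSRF token; both are out of scope for this escaping-only change.

    //update other user fields
    $query = "UPDATE `User` SET `EmailAddress` = '" . profile_sql_escape(profile_post('txtEmail'), $link) . "'";
    if ($isManager) {
        $sqlUsername = profile_sql_escape(profile_post('txtUsername'), $link);

        //Check if username is taken by a different user
        $usernames = mysql_query(
            "SELECT * FROM `User` WHERE `UserID` != '" . $sqlId . "' AND `UserName` = '" . $sqlUsername . "'",
            $link
        );
        if ($usernames && mysql_num_rows($usernames)) {
            $error = "Please enter a different username, the one you requested is already taken. please try again";
            echo $error . '<br />';
            echo $backLink;
            exit();
        }

        // Unchecked checkbox is simply absent from the POST body.
        $active = isset($_POST['active']) ? 1 : 0;

        $query .= ", `FirstName` = '" . profile_sql_escape(profile_post('txtFirstName'), $link) . "'";
        $query .= ", `MiddleName` = '" . profile_sql_escape(profile_post('txtMiddleName'), $link) . "'";
        $query .= ", `LastName` = '" . profile_sql_escape(profile_post('txtLastName'), $link) . "'";
        $query .= ", `Username` = '" . $sqlUsername . "'";
        $query .= ", `Active` = '" . $active . "'";
    }
    // Leading space: the original glued WHERE directly onto the preceding literal.
    $query .= " WHERE `UserID`='" . $sqlId . "'";
    $result = mysql_query($query, $link);
    if (!$result) {
        $error = "Update unsuccessful. Please try again.";
        echo $error . '<br />';
        echo $backLink;
        exit();
    }

    //update other student fields
    $editingStudent = (profile_post('edit') === "student");
    if ($user == $STUDENT || $editingStudent) {
        $update = "UPDATE `Student` SET";
        $update .= " `Address` = '" . profile_sql_escape(profile_post('txtAddress'), $link) . "',";
        $update .= " `City` = '" . profile_sql_escape(profile_post('txtCity'), $link) . "',";
        $update .= " `Region` = '" . profile_sql_escape(profile_post('txtRegion'), $link) . "',";
        $update .= " `PostalAddress` = '" . profile_sql_escape(profile_post('txtPostCode'), $link) . "',";
        $update .= " `Country` = '" . profile_sql_escape(profile_post('txtCountry'), $link) . "',";
        $update .= " `SchoolID` = '" . profile_sql_escape(profile_post('txtSchoolID'), $link) . "',";
        $update .= " `NMC_ID` = '" . profile_sql_escape(profile_post('txtNMCID'), $link) . "',";
        $update .= " `Hometown` = '" . profile_sql_escape(profile_post('txtHometown'), $link) . "',";
        $update .= " `PhoneNumber` = '" . profile_sql_escape(profile_post('txtPhoneNumber'), $link) . "'";
        $update .= " WHERE `ID` = '" . $sqlId . "'";

        $result = mysql_query($update, $link);
        if (!$result) {
            // The driver error used to be echoed to the browser (schema/query
            // disclosure); keep it server-side only.
            error_log('edit-profile-db: Student update failed: ' . mysql_error($link));
            $error = "Update unsuccessful. Address did not update. Please try again.";
            echo $error . '<br />';
            echo $backLink;
            exit();
        }
    }

    if ($isManager && $editingStudent) {
        echo 'Student successfully updated<br /><a href="student-selector.php?page=edit-profile&select=Edit">Click here</a>';
        echo ' to go back to the manage students page.';
    }
    else if ($isManager) {
        echo 'User successfully updated<br /><a href="user-selector.php?page=edit-profile">Click here</a>';
        echo ' to go back to the manage users page.';
    }
    else
    {
        echo 'Your profile has successfully been updated<br /><a href="profile.php">Click here</a> to go back to your profile';
    }
}
endmasterpage();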
?>
